
Adiru3/LightweightAV


🛡️ LightweightAV

High-performance, standalone antivirus solution written in pure C# (User Mode). Zero dependencies. Zero bloat. Maximum control.


📖 About

LightweightAV is a custom security tool designed for advanced users, gamers, and system optimizers who need malware protection without the performance cost of commercial antivirus suites. It ensures zero input lag and no FPS drops by avoiding heavy kernel drivers and telemetry.

It is designed to "live off the land": it can be compiled on any standard Windows machine using the built-in C# compiler (csc.exe) without installing Visual Studio or any external libraries.

✨ Key Features

  • 🚀 Zero Impact Performance: Uses Parallel.ForEach (TPL) for multi-threaded scanning. No background drivers slowing down your system.
  • 🧠 Heuristic Analysis:
    • Shannon Entropy: Detects packed, encrypted, or obfuscated executables (entropy > 7.5) often used by malware to hide from traditional signature-based detection.
    • Script Analysis: Scans .bat, .ps1, .vbs, and .txt files for suspicious commands (e.g., powershell -encodedcommand, kill, shutdown).
  • 👁️ Real-Time Monitoring: Watches file system events in real-time. Can run silently in the System Tray.
  • 💾 Memory Scanner: Analyzes active running processes and terminates malicious ones immediately.
  • 📦 Portable & Standalone: Single .exe file. No installation required.
  • 🔒 Secure Quarantine: Moves threats to a safe quarantine folder instead of deleting them immediately to prevent accidental data loss.

🛠️ Requirements

  • Windows 7, 8, 10, or 11.
  • .NET Framework 4.0 or higher.
  • Administrator Privileges (Required for scanning system memory and protected folders).

⚡ How to Compile (No Visual Studio needed)

You can compile this project using the native Windows C# compiler found on every PC.

  1. Save the source code as LightweightAV.cs.
  2. Open Command Prompt (cmd.exe) as Administrator.
  3. Run the following command:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /reference:System.Windows.Forms.dll /reference:System.Drawing.dll /out:LightweightAV.exe LightweightAV.cs

🎮 Usage

Interactive Mode

Run LightweightAV.exe to see the console menu:

  • Full System Scan: Scans the entire C:\ drive using multi-threading.
  • Memory Scan: Checks all running processes for known signatures and heuristics.
  • Real-Time Monitor: Watches for new/modified files instantly.
  • Add to Startup: Adds the program to the Registry to start automatically (Minimized).
  • Scan Specific Path: Scan a single file or folder (supports drag & drop).

Silent / Tray Mode

To start the antivirus in the background (System Tray only), run:

LightweightAV.exe /minimized

Note: Right-click the shield icon in the tray to open the console or exit.


🔍 Technical Details

  • Entropy Check: Uses the Shannon entropy formula to measure how random a file's contents are. Files with entropy $H > 7.5$ are flagged as suspicious (likely packed, encrypted, or obfuscated).

    The formula used is: $$H = -\sum_{i=1}^{n} P(x_i) \log_2 P(x_i)$$

  • User Mode Hooking: Uses FileSystemWatcher to receive file system change notifications (Created, Changed, Renamed) in real time, without a kernel-mode driver.

  • P/Invoke: Utilizes Windows API imports (kernel32.dll, user32.dll) to interact with the OS for tasks like managing console window visibility and process handling.

  • Registry Persistence: Implements auto-start functionality by writing the executable path to: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
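
The entropy check described above, written out as an added example (not taken from the LightweightAV source). It assumes $x_i$ ranges over the 256 possible byte values, so $H$ is in bits per byte; the class name, helper names and sample inputs are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class EntropyDemo
{
    const double Threshold = 7.5; // flagging threshold stated in the README

    // H = -sum P(x_i) * log2 P(x_i); x_i is assumed to range over the 256 byte values.
    static double ShannonEntropy(Stream input, out long total)
    {
        long[] counts = new long[256];
        byte[] buffer = new byte[64 * 1024];   // stream in chunks so large files are not loaded whole
        int read;
        total = 0;
        while ((read = input.Read(buffer, 0, buffer.Length)) > 0)
        {
            for (int i = 0; i < read; i++) counts[buffer[i]]++;
            total += read;
        }
        double h = 0.0;
        foreach (long c in counts)
        {
            if (c == 0) continue;              // a value that never occurs contributes 0
            double p = (double)c / total;
            h -= p * Math.Log(p, 2);
        }
        return h;                              // 0 for empty input, at most 8 bits per byte
    }

    static void Report(string label, Stream input)
    {
        long total;
        double h = ShannonEntropy(input, out total);
        Console.WriteLine("{0,-24} {1,8} bytes  H = {2:F3}  {3}",
            label, total, h, h > Threshold ? "FLAG" : "ok");
    }

    static void Main(string[] args)
    {
        // Constructed samples, not real malware and not project test data.
        byte[] script = Encoding.ASCII.GetBytes("@echo off\r\necho hello world\r\n");
        byte[] large = new byte[1 << 20];      // random bytes stand in for packed/encrypted content
        byte[] small = new byte[128];          // H <= log2(128) = 7, so this can never exceed 7.5
        RandomNumberGenerator rng = RandomNumberGenerator.Create();
        rng.GetBytes(large);
        rng.GetBytes(small);
        Report("plain script", new MemoryStream(script));
        Report("random, 1 MiB", new MemoryStream(large));
        Report("random, 128 bytes", new MemoryStream(small));
        // Any paths given on the command line are measured the same way.
        foreach (string path in args)
            using (FileStream fs = File.OpenRead(path))
                Report(Path.GetFileName(path), fs);
    }
}
```

The 128-byte case shows the lower edge of the heuristic: a sample of N bytes cannot score above $\log_2 N$, so very small encrypted payloads stay under the threshold. At the other edge, legitimately compressed content (archives, media) also scores close to 8, which is why an entropy flag is a reason to look closer and not a verdict.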
